shibboleth-dev - Re: Shibboleth and Active Directory
Subject: Shibboleth Developers
List archive
- From: Chad La Joie <>
- To:
- Subject: Re: Shibboleth and Active Directory
- Date: Tue, 05 Feb 2008 07:24:04 +0100
- Organization: SWITCH
Yes, you can use Shibboleth and AD together; to Shib, AD is just another LDAP directory. Shibboleth itself doesn't mandate the use of any attribute, so if the attributes in AD are sufficient then you wouldn't have to extend the schema. If they are not sufficient you have a couple of options. First, extend the schema (this can be a pain with AD). Second, pull the attributes from another source (shib can speak with LDAP directories and relational databases). Third, compute the attributes from those that you already have (shib is able to perform multiple transformations on collected attributes).
The thing that tends to get most people is AD's use of LDAP referrals. By default Java's LDAP support throws a continuation exception when it gets a referral. The Shib documentation indicates the various ways you can deal with this but the most common is just to ignore referrals.
Mark Cruz wrote:
Hello,
This is my first posting re Shibboleth so please excuse me if this is the wrong list and feel free to redirect me to the appropriate channel.
We are exploring the idea of possibly integrating Shibboleth and Active Directory. I would like to find out if anyone has/is using this type of method for authentication. I am almost completely ignorant of Shibboleth itself, except for what I’ve read on the Shibboleth FAQs, the wiki, and what’s been shared in our own internal meetings with the Shibboleth development team. I’m an Active Directory/Windows engineer, so that’s the world I live in. There is talk as to possibly using Active Directory to maintain certain attributes that Shibboleth may/will need? Does this require extending the schema, or do these attributes already exist? Is this Active Directory method even a “preferred” setup? Any gotchas?
Any insight would be most appreciated.
Mark
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch
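
Added example, not part of the original message and not Shibboleth's own code: with plain JNDI, an unfollowed referral from AD surfaces as `javax.naming.PartialResultException` while iterating search results, and "ignoring referrals" means treating that as end-of-results. The class name, helper names, URL and DNs are constructed for illustration, and the fake enumeration stands in for a live AD search so the block runs offline.

```java
import java.util.*;
import javax.naming.*;

public class ReferralTolerantSearch {

    // Environment one would pass to InitialDirContext (URL is a placeholder).
    // "ignore" keeps JNDI from chasing referrals; "follow" would make it
    // connect to each referred server using this same environment.
    static Hashtable<String, String> adEnvironment(String url) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.REFERRAL, "ignore");
        return env;
    }

    // Collect every entry returned before the referral and stop cleanly.
    // Entries held by the referred-to servers are NOT included.
    static <T> List<T> drainIgnoringReferrals(NamingEnumeration<T> results)
            throws NamingException {
        List<T> out = new ArrayList<>();
        try {
            while (results.hasMore()) {
                out.add(results.next());
            }
        } catch (PartialResultException e) {
            // Unprocessed continuation reference: keep what we already have.
        } finally {
            results.close();
        }
        return out;
    }

    // Constructed stand-in for an AD search: two entries, then a referral.
    static NamingEnumeration<String> fakeAdResults() {
        Iterator<String> it = List.of("CN=alice,OU=Staff,DC=example,DC=org",
                                      "CN=bob,OU=Staff,DC=example,DC=org").iterator();
        return new NamingEnumeration<String>() {
            public boolean hasMore() throws NamingException {
                if (it.hasNext()) return true;
                throw new PartialResultException("Unprocessed Continuation Reference(s)");
            }
            public String next() { return it.next(); }
            public boolean hasMoreElements() { return it.hasNext(); }
            public String nextElement() { return it.next(); }
            public void close() { }
        };
    }

    public static void main(String[] args) throws NamingException {
        System.out.println(adEnvironment("ldap://ad.example.org:389").get(Context.REFERRAL));
        System.out.println(drainIgnoringReferrals(fakeAdResults())); // both entries, no exception
    }
}
```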